CVE-2020-28957

Name of the Vulnerable Software and Affected Versions: Foxlor version 0.10.16

Description: The issue allows attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the name, firstname, or username input fields in the Customer Add module. This enables the execution of malicious scripts, potentially leading to unauthorized actions on the affected system.

Recommendations: For Foxlor version 0.10.16, consider disabling the Customer Add module until a patch is available to prevent exploitation of the XSS vulnerabilities. Restrict access to the name, firstname, and username input fields to minimize the risk of malicious script execution. At the moment, there is no information about a newer version that contains a fix for this vulnerability.